Jan 18 2010

Spam, Phishing and Hoax Email

Published by Byron at 2:45 am under Up & Running TechBlog

This morning, a client forwarded an email to me, thinking it might be a fraudulent message (as, indeed, it was):

Attention: PROAXIS.COM Email User

PROAXIS.COM is upgrading database Servers from the
old Servers (Nol06769) to the new Servers (No521766).
You are to fill the details below to enable us upgrade and
verify from the old server.

FILL THE DETAILS BELOW OR ANYWHERE IN THE MAIL

Email Address:
Password:
Address:
City:

Attention:Account owners who do not update his or
her account immediately you receive this Notification
will have problems using our online facilities effectively.

Notification Code:CZX1G13ABJ

The ” PROAXIS.COM ” Upgrade Team
Thanks for your co-operation.
Copyright (c) 2010.All rights reserved.

Of course, this is a fake; responding to it would be dangerous and very probably disastrous. I’m asked questions like this with some frequency, so I thought I’d share some thoughts on the subject. First, a few general principles:

1) No legitimate company, service provider or merchant will EVER ask you for this information by email or at a website; you should assume that any request for your identifying information is fraudulent until proven otherwise.

2) Never use the links in an email like this; it’s possible to place a link on the page that displays one address but takes you somewhere else. For example, clicking on the following link: www.google.com will NOT take you to Google; try it … I’ll wait …

This is a fairly simple use of hyperlink misdirection; I did it with a webpage but it is just as easy in an email. The same principle holds true for email address links in emails and on websites. And if I can do it in 30 seconds using the most primitive of techniques, believe me, there are slicker methods out there.
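As an added example (not part of the original post), this Python sketch checks an HTML message body for the misdirection described above: links whose visible text is a web address but whose real destination is a different host. The function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address, e.g. "www.google.com"
DOMAIN_RE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#].*)?$", re.I)

def _host(value):
    """Lower-cased hostname without a leading 'www.', or '' if none can be parsed."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        host = (urlsplit(value).hostname or "").lower()
    except ValueError:              # malformed address
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) pairs where the two point at different hosts."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an <a> element
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        if DOMAIN_RE.match(shown):  # ignore text such as "click here"
            shown_host, real_host = _host(shown), _host(self._href)
            # A subdomain of the displayed host is accepted; anything else is flagged
            if real_host != shown_host and not real_host.endswith("." + shown_host):
                self.findings.append((shown, self._href))
        self._href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body: the first link is misdirected, the other two are not flagged
SAMPLE = ('<p><a href="http://login.example.net/verify">www.google.com</a> '
          '<a href="https://www.google.com/">www.google.com</a> '
          '<a href="http://example.org/">click here</a></p>')
print(mismatched_links(SAMPLE))
```

Links with ordinary wording such as "click here" are deliberately skipped, since there is no displayed address to compare against; they still deserve the caution described in the surrounding points.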

3) My rule of thumb is that if my bank, internet service provider, credit card company, or anyone else with whom I do business ever wants something that badly, they can call me and authenticate themselves by telling ME information that only they and I would know.

4) If I ever think that a request like this may be legitimate, I call the firm directly, using the number in the phone book, NOT one given in the email (which, in the case of a spam or hoax, might well be fraudulent anyway) and ask them.

Or I go to the firm’s website using their web address, if I already know it, or by Googling it to make sure that I’m going to the legitimate site for this firm. Then, if there’s information on that site that corroborates the information I originally got, I can proceed with some confidence, again using the website I looked up. As I said above, never use the links in the email, which may be false.

5) I also look for grammar and usage in the email that may betray the sender as someone for whom English is not a native language, which is often a good indicator. The phrases:

You are to fill the details below to enable us upgrade and
verify from the old server.

and:

Account owners who do not update his or
her account immediately you receive this Notification …

as well as the quotes around the company name certainly convey the idea that the writer is not familiar with the grammar, syntax and level of professionalism that a technical writer or content professional would use. You cannot, of course, use this as a primary criterion because there will be hoax-sters with more sophistication and greater grasp of English than others, but this can be a significant piece of corroborating evidence.

You can also look at the email “header”. The header is a section of the email, usually invisible under normal conditions, that contains all kinds of information about the email such as the address it originated at, a list of the servers or computers it passed through on its way to you and various other bits of information. You can usually find an option in your email message’s ‘Edit’ or ‘View’ menu that will display this header information. Here’s part of the header information in the email my client got this morning:

X-Cloudmark-Score:


One Response to “Spam, Phishing and Hoax Email”

  1. Janet says:

    This is such an excellent article, I linked to it from my blog.
    ;) Thanks!